Browse by Category

Security Categories

Explore vulnerabilities organized by type and attack vector

Understanding vulnerability categories

Organized by attack vector

Categories group vulnerabilities by how an attacker exploits them — input manipulation, memory corruption, authentication bypass, and more. This makes it straightforward to reason about your attack surface rather than an undifferentiated list of findings.

Mapped to OWASP and CWE

Each category aligns to OWASP Top 10 entries and CWE identifiers, so engineers can map findings directly to compliance frameworks without manual cross-referencing. Useful when you need to demonstrate coverage to auditors or a security team.

Written for engineers who fix code

Every category page links to real fix PRs Orbis AppSec opened in open-source repositories, showing exact before/after patches. Not a generic advisory — a worked example you can reference when fixing the same pattern in your own code.

Frequently asked questions

How are vulnerability categories chosen?

Categories follow attack vector groupings aligned to OWASP Top 10 and CWE classifications. This makes it easy to map findings to compliance frameworks like SOC 2, PCI DSS, and HIPAA, while keeping the categories intuitive for developers who need to understand the nature of a flaw.

Does Orbis AppSec detect all categories across every language?

Coverage varies by language. SAST rules run across 10+ languages including Python, JavaScript, TypeScript, Go, Java, Ruby, and C/C++. Memory-safety categories (buffer overflow, use-after-free) apply mainly to C, C++, and Rust. Injection categories apply broadly across languages.

How does Orbis AppSec reduce false positives?

Orbis AppSec achieves roughly a 90% reduction in false positives compared to rule-only scanners by using AI to validate context before flagging an issue. The AI checks whether a code path is actually reachable with attacker-controlled input before raising a finding, and every finding includes a written explanation of why it is a real vulnerability.

Can Orbis AppSec automatically fix vulnerabilities in these categories?

Yes. For most categories Orbis AppSec automatically opens a GitHub pull request containing the fix. The PR includes a before/after diff, an explanation of the vulnerability, and references to the relevant CWE. The developer reviews and merges — no manual research or patch writing required.

Ready to secure your code?

Join thousands of developers who trust Orbis AppSec to find and fix vulnerabilities before they become problems. Get started in under 2 minutes.

Free for public reposNo credit card requiredSetup in 2 minutes